Releases: MansiVisuals/ViTransfer

v0.5.0 - Major Refactoring & Security Hardening

20 Nov 01:33

Major codebase refactoring with security hardening and architecture improvements

Total changes: 2,390 lines added, 1,355 lines removed across 43 files

Key Highlights

  • 76% code reduction in video processor (406 → 96 lines)
  • 44% code reduction in comments API (340 → 189 lines)
  • Critical bug fixes for asset processing and file validation
  • Enhanced security with two-layer asset validation
  • New features for asset management and project passwords

Added

  • Project password API endpoint for authenticated admins
  • Asset copy/move between video versions with batch operations
  • Asset thumbnail management (set any image as video thumbnail)
  • Comprehensive asset validation with category-based rules
  • Separate asset processor worker with magic byte validation

Fixed

  • Asset worker integration (assets now properly queued for processing)
  • File validation rejecting valid uploads (relaxed MIME validation at API level)
  • Missing security-events module import
  • TypeScript null to undefined type conversions

Refactored

  • Video Processor: Extracted 8 helper functions, eliminated magic numbers, reduced nesting
  • Comments API: Extracted 5 helper functions, separated concerns
  • Share/Content API: Consolidated duplicate logic

Security

  • Enhanced FFmpeg watermark validation (strict whitelist, 100 char limit)
  • Two-layer asset validation (API extension check + worker magic bytes)
  • Defense-in-depth: lenient API validation + strict worker validation

See CHANGELOG.md for complete details.

v0.4.0

19 Nov 11:39

Why 0.4.0?

Previous releases added major features using patch increments. Bumping to 0.4.0 reflects accumulated feature additions. This release stabilizes features with bug fixes and quality-of-life improvements.

Fixed

  • Guest mode settings now persist correctly when disabled
  • Guest mode properly enforces restricted access when enabled
  • Authentication logic refactored for reliability and maintainability
  • Global watermark settings now inherited by new projects
  • Password validation for PASSWORD/BOTH authentication modes
  • Mobile UI layout issues with video titles and action buttons
  • Video metadata display on mobile (duration/resolution/size)
  • Version label truncation on long names

Improved

  • Back buttons now left-aligned and more compact
  • Video list layout consistent across desktop and mobile
  • Info button hidden for guests
  • Security recommendation when disabling guest mode
  • Cleaner authentication flow following best practices

v0.3.7

18 Nov 21:46

Features

  • Guest mode with view-only restrictions
  • Video asset management system
  • Global video processing settings
  • Authentication mode support

Security

  • CSRF protection improvements
  • Guest mode security enhancements

v0.3.6 - Health Check Endpoint & UI Improvements

17 Nov 18:11

What's New in v0.3.6

Added

  • Health Check Endpoint (/api/health)
    • Public endpoint for Docker health checks and monitoring systems
    • Tests database and Redis connectivity
    • Returns minimal information (no version or config exposure)
    • No authentication required for health monitoring
    • Replaces deprecated /api/settings/public endpoint
  • CSRF Protection Infrastructure
    • Client-side CSRF token utilities (src/lib/csrf-client.ts)
    • Security middleware foundation (src/lib/security/)
    • CSRF API endpoint (/api/csrf/)
  • Database Performance Improvements
    • Added indexes on Video table for status queries
    • Migration: 20251117000000_add_video_status_indexes

Improved

  • Security Events UI Consistency
    • Replaced HTML disclosure triangle with Lucide ChevronRight icon
    • Standardized font sizes across all admin sections
    • Consistent text sizing with Analytics and Projects pages
    • Better mobile experience with proper SVG icons
    • Smooth rotation animation on details expand/collapse
  • Admin Interface Typography
    • Unified font sizes: text-sm for titles and descriptions
    • text-xs for timestamps and labels (consistent with Analytics)
    • Improved readability across desktop and mobile

Removed

  • Deprecated /api/settings/public endpoint (replaced by /api/health)

Full Changelog: v0.3.5...v0.3.6

v0.3.5 - Security Update

16 Nov 23:00

Security Improvements

Resolved 4 HIGH severity Go CVEs in esbuild dependency

Updated base image

  • Docker base image updated to node:25.2.0-alpine3.22
  • SECURITY.md updated with current CVE status
  • All remaining CVEs are in Alpine/npm packages awaiting upstream fixes

Improvements

  • Enhanced UI consistency across admin interface
  • Standardized form styling and spacing
  • Improved visual alignment of UI elements

Full Changelog: v0.3.4...v0.3.5

v0.3.4

16 Nov 20:42

What's New

OTP Authentication

  • Alternative to password authentication for share links
  • 6-digit codes expire after 10 minutes
  • Configurable per-project (password, OTP, or both)
  • Modern 6-box input with auto-focus and paste support

Multi-Project Sessions

  • Fixed session conflicts when accessing multiple projects
  • Projects no longer break each other's authentication
  • Session properly maintained across all authenticated projects

Code Quality

  • Better maintainability, cleanup and consistency

Improvements

  • Comment section height increased to 150% of its previous value (50vh → 75vh)
  • Fixed auto-scroll behavior for comments
  • Company Name field now properly accepts empty values
  • Better authentication UI messages

Database Migration

New authMode field added to Project table.

v0.3.3 - PassKey Authentication & Password Management Improvements

15 Nov 01:42

What's New

PassKey Authentication

Added modern passwordless login for admin accounts using WebAuthn/FIDO2 standards.

Features:

  • Usernameless authentication - no email required at login
  • Multi-device support with auto-detected device names (iPhone, Mac, Windows PC, etc.)
  • Per-user PassKey management in admin settings
  • Replay attack prevention and comprehensive security logging
  • Strict domain validation - production requires HTTPS, localhost allows HTTP
  • Configured via Settings > Application Domain

Password Management

Restored SMTP password visibility and improved password update logic.

Improvements:

  • SMTP password can now be revealed using the eye icon in settings
  • Smart password updates - only writes to database when value actually changes
  • Prevents unnecessary session invalidations when passwords unchanged
  • Applies to both SMTP passwords and project share passwords

Bug Fixes

  • SMTP password no longer lost when saving other settings
  • Project password updates properly compare with current value
  • Session invalidation only triggered when password actually changes

Security

  • PassKey endpoints protected with rate limiting
  • Generic error messages prevent information disclosure
  • All PassKey operations require admin authentication (except login)
  • Challenge stored in Redis with 5-minute TTL and one-time use

Database Changes

Added PasskeyCredential model for WebAuthn storage including credential ID, public key, signature counter, device information, and usage tracking.


Docker Images:

  • crypt010/vitransfer:0.3.3
  • crypt010/vitransfer:latest

Full Changelog: https://github.com/MansiVisuals/ViTransfer/blob/main/CHANGELOG.md

v0.3.2

14 Nov 18:54

v0.3.2 Release

Features & Improvements:

  • Comment UI with color-coded message borders and improved visual contrast
  • Settings UX improvements
  • Project approval logic fixes
  • HTTPS configuration support
  • Security settings enhancements
  • Unapprove functionality
  • Build script: optional --no-cache flag support

Important Note:
If you are using HTTP (not HTTPS), make sure to set HTTPS_ENABLED=false in your environment variables or .env file.

v0.3.1

13 Nov 19:23

Security

  • Add runtime JWT secret validation to prevent undefined secret usage
  • Fix fingerprint hash truncation (use full 256-bit SHA-256 instead of 96-bit)
  • Add CRLF injection protection for companyName field in email headers
  • Strengthen FFmpeg watermark escaping with defense-in-depth approach
  • Implement reusable Content-Disposition header sanitization for file downloads
  • Add rate limiting to admin endpoints (batch ops, approve/unapprove, users)
  • Add batch operation size limits (max 100 items)
  • Fix SMTP password exposure in API responses (return placeholder)

Added

  • Per-project companyName field in project creation and settings
  • Display priority: companyName → Primary Recipient → "Client"
  • Timezone-aware date/time formatting using Intl.DateTimeFormat
    • Client-side: uses browser timezone for proper user localization
    • Server-side: uses TZ environment variable for emails/logs/workers
    • Format adapts based on region (MM-dd-yyyy, dd-MM-yyyy, yyyy-MM-dd)

Changed

  • Update all pages to show companyName with fallback logic
  • Update share API to use companyName in clientName field
  • Replace toLocaleString() with formatDateTime() for consistency
  • Hide recipient email when companyName is set for cleaner display

Fixed

  • Hourly email notifications now send only at the top of each hour (:00) instead of immediately when messages arrive
  • Comment name picker now starts at "Select a name..." instead of pre-selecting "Custom Name"
  • Correct product name from "VidTransfer" to "ViTransfer" throughout codebase
  • Fix TypeScript build errors related to Buffer type annotations in streams
  • Revert incorrect project ownership validation (admins see all projects)

Full Changelog: v0.3.0...v0.3.1

v0.3.0 - Major Feature Release

13 Nov 04:12

Changelog

All notable changes to ViTransfer will be documented in this file.

The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

[0.3.0] - 2025-11-13

Why v0.3.0? Originally planned as v0.2.6, this release includes critical security hardening that warrants a minor version bump rather than a patch. The scope of security improvements (SQL injection prevention, XSS protection enhancement, command injection fixes, timing attack mitigation, and path traversal hardening) makes this a significant security-focused upgrade.

Security

  • CRITICAL: Fixed SQL injection vulnerability in database context management
    • Added strict CUID format validation (/^c[a-z0-9]{24}$/) before executing raw SQL
    • Added UserRole enum validation to prevent arbitrary role injection
    • Prevents malicious user IDs from bypassing Row Level Security (RLS)
    • Location: src/lib/db.ts:setDatabaseUserContext()
  • CRITICAL: Enhanced XSS protection in comment rendering
    • Configured DOMPurify with strict ALLOWED_TAGS whitelist
    • Added ALLOWED_URI_REGEXP to only allow https://, http://, mailto: URLs
    • Enabled FORCE_BODY to prevent context-breaking attacks
    • Added rel="noopener noreferrer" to all links automatically
    • Location: src/components/MessageBubble.tsx:sanitizeContent()
  • CRITICAL: Fixed command injection in FFmpeg watermark processing
    • Created dedicated validateAndSanitizeWatermarkText() function
    • Validates character whitelist (alphanumeric, spaces, safe punctuation only)
    • Enforces 100 character limit to prevent resource exhaustion
    • Properly escapes text for FFmpeg drawtext filter
    • Location: src/lib/ffmpeg.ts
  • CRITICAL: Fixed timing attack vulnerability in password verification
    • Implemented constant-time comparison using crypto.timingSafeEqual()
    • Prevents password enumeration through timing analysis
    • Maintains constant execution time even when lengths differ
    • Location: src/app/api/share/[token]/verify/route.ts:constantTimeCompare()
  • HIGH: Added robust JSON.parse error handling in video access tokens
    • Gracefully handles corrupted Redis data without crashing
    • Validates required fields (videoId, projectId, sessionId) after parsing
    • Logs security events with sanitized token preview (first 10 chars only)
    • Location: src/lib/video-access.ts:verifyVideoAccessToken()
  • HIGH: Enhanced path traversal protection with 7-layer defense
    • Layer 1: Null byte injection check
    • Layer 2: Double URL decoding (catches %252e%252e%252f attacks)
    • Layer 3: Path separator normalization
    • Layer 4: Explicit .. sequence removal
    • Layer 5: Path normalization
    • Layer 6: Absolute path resolution
    • Layer 7: Boundary validation (ensure path is within STORAGE_ROOT)
    • Location: src/lib/storage.ts:validatePath()
  • Code Quality: Removed 51KB of duplicate component files
    • Deleted: AdminVideoManager 2.tsx, LoginModal 2.tsx, VideoPlayer 2.tsx, VideoUpload 2.tsx
    • Eliminates maintenance burden and potential inconsistencies

Added

  • Complete Email Notification System (originally planned for future release, delivered now!)
    • Configurable notification schedules: Immediate, Hourly, Daily, Weekly
    • Email notification summaries to reduce spam (batches updates by schedule)
    • Separate admin and client notification settings per project
    • Per-recipient notification preferences with opt-in/opt-out toggles
    • Notification queue system with automatic retry logic (3 attempts, permanent failure tracking)
    • BullMQ repeatable jobs for scheduled summary delivery (every minute check)
    • Professional email templates with project context and direct share links
    • Unified notification flow for all comment types (client comments, admin replies)
  • Per-Video Revision Tracking
    • Track revision count per video (not just per project)
    • Better control over individual video approval cycles
    • Maintains project-wide revision limits while tracking per video
  • Sort toggle for projects dashboard (status/alphabetical sorting)
  • Sort toggle for project videos and versions (status/alphabetical sorting)
  • Section dividers in share page sidebar (For Review / Approved sections)
  • Green check mark icon for approved videos in sidebar (replaces play icon)
  • New formatDate() utility for consistent date formatting (11-Nov-2025 format)
  • DEBUG_WORKER environment variable for optional verbose logging

Changed

  • BREAKING: All comments must now be video-specific (general comments removed)
  • Email notifications now fully functional with flexible scheduling
  • Share page sorting now checks if ANY version is approved (not just latest)
  • Video groups in admin panel sorted by approval status (unapproved first)
  • Versions within groups sorted by approval status (approved first)
  • Projects list extracted to client component for better performance
  • README development warning now includes 3-2-1 backup principle
  • All recipient IDs migrated from UUID to CUID format for consistency
  • All dates now display in consistent "11-Nov-2025" format

Removed

  • General/system comments (all comments must be attached to a video)
  • System audit comments for approval/unapproval actions (status tracked in database)
  • Old per-comment email notification system (replaced with unified notification queue)
  • Duplicate component files (AdminVideoManager 2.tsx, LoginModal 2.tsx, VideoPlayer 2.tsx, VideoUpload 2.tsx)

Improved

  • Comment section approval updates now instant (optimistic UI updates)
  • Share page filtering refreshes immediately on approval state changes
  • Comment/reply updates appear instantly without page refresh
  • Optimistic updates for comment replies (no loading delays)
  • Admin comment version filtering on share page more accurate
  • Feedback & Discussion section updates immediately on approval changes
  • Approved badge spacing in admin panel
  • "All Versions" section spacing from content above
  • Analytics projects card spacing to prevent overlap
  • Version labels padding to prevent hover animation cutoff
  • Mobile inline editing no longer overflows with action buttons
  • Simplified comment filtering logic (no more null videoId checks)

Fixed

  • CRITICAL: Thumbnail generation failing for videos shorter than 10 seconds
    • Previously hardcoded to seek to 10s, causing EOF for short videos
    • Now calculates safe timestamp: 10% of duration (min 0.5s, max 10s)
  • Comment section not updating when approval status changes
  • Share page filtering not refreshing after approval/unapproval
  • Instant comment/reply updates not working correctly
  • Optimistic updates for comment replies failing
  • Feedback & Discussion section not updating on approval changes
  • Admin comment version filtering on share page
  • Projects dashboard now loads correctly after refactoring
  • Mobile overflow when editing video/group names
  • Version label hover animation cutoff at top of container

Database Migration

  • Added notification schedule fields to Settings table (admin-wide defaults)
  • Added notification schedule fields to Project table (per-project overrides)
  • Added notification day field for weekly schedules
  • Added lastAdminNotificationSent and lastClientNotificationSent timestamps
  • Created NotificationQueue table for batched email delivery with retry tracking
  • Added ProjectRecipient.receiveNotifications boolean field
  • Added per-video revision tracking fields
  • IRREVERSIBLE: Deleted all existing general comments (where videoId IS NULL)
  • Made Comment.videoId field required (NOT NULL constraint)
  • IRREVERSIBLE: Migrated all UUID format recipient IDs to CUID format

[0.2.5] - 2025-11-12

Added

  • DEBUG_WORKER environment variable
    • Optional verbose logging for FFmpeg and worker operations
    • Logs command execution, process IDs, exit codes, timing breakdowns
    • Shows download/upload speeds, file sizes, processing time breakdown
    • Controllable without rebuilding Docker image (set env var and restart)
    • Helps diagnose video processing issues in production

Fixed

  • CRITICAL: Thumbnail generation failing for videos shorter than 10 seconds
    • Previously hardcoded to seek to 10 seconds, causing EOF for short videos
    • Now calculates safe timestamp: 10% of duration (min 0.5s, max 10s)
    • FFmpeg properly reports when no frames available for extraction

[0.2.4] - 2025-11-10

Added

  • Auto-approve project setting with toggle in global settings

Changed

  • "Final Version" renamed to "Approved Version"
  • Admin footer solid background, fixed at bottom on desktop
  • Video information dialog clarifies it shows original video metadata
  • Videos sorted by approval status (unapproved first)
  • Mobile video selector now starts collapsed

Improved

  • Settings pages show save/error notifications at bottom for better mobile/long page UX
  • Simplified video preview note text
  • Comment section height and scrolling behavior

Fixed

  • Recipient name selector jumping to first option
  • Mobile sidebar collapsing when selecting videos
  • Share page auto-scrolling issues

[0.2.3] - 2025-11-09

Fixed

  • Recipient name selector jumping back to first option when selecting another recipient

[0.2.2] - 2025-11-09

Fixed

  • Validation error when creating projects without password protection
  • Validation error when creating projects without recipient email

[0.2.1] - 2025-11-09

Fixed

  • Docker entrypoint usermod timeout removed - allows natural completion on all platforms
  • Clean startup output without false warning messages

Added

  • Version number now displays in admin footer
  • Build script passes version to Docker image at build time

[0.2.0] - 2025-11-09

Added

  • Multiple recipient support for projects (ProjectRecipient model)
  • Recipient management UI in project settings (add, edit, remove)
  • Primary recipient designation for ea...